Full compliance with UK and EU GDPR.
Your data. Your control. We never train on your contracts.
Lexilio was built from day one on a privacy-first foundation. Your contracts are analysed in real time and permanently deleted the moment you choose to remove them. No exceptions. No ambiguity.
All data stored on EU-region infrastructure.
AES-256 at rest. TLS 1.3 in transit.
Documents are permanently deleted when you remove them.
We never use your contracts to train AI models.
Granular permissions for Owner, Admin, Member, and Viewer.
Security built for contracts that carry real commercial exposure.
Lexilio handles tender packs, amendments, notices, claims, and negotiated positions as confidential customer material. The platform is designed around least-privilege access, regional hosting, deletion discipline, and a plain commitment: your contract data is processed to serve your project team, not to build someone else's model.
Data sovereignty
Customer workspaces are structured so contract records, analysis outputs, and deletion events remain under client control.
No model training
Uploaded contracts, prompts, mark-ups, and generated outputs are not used to train Lexilio or third-party foundation models.
Permissioned access
Role-based access, workspace boundaries, and administrative controls are designed for multi-entity contractor environments.
Deletion discipline
When a customer removes a document, Lexilio treats that as an operational instruction, not a soft preference.
Contract data handling
Minimum necessary processingFor security, privacy, or vendor review questions, contact security@lexilio.co.
Questions procurement teams ask first.
No. Customer inputs, uploaded contracts, generated outputs, and review history are processed to provide the service and are not used to train Lexilio or third-party foundation models.
Lexilio uses EU-region infrastructure for customer data storage, with security controls designed around GDPR expectations and enterprise procurement review.
Deletion is treated as a customer instruction. Removed documents are no longer retained as active customer contract records after deletion.
Workspace access is governed through role-based permissions for Owner, Admin, Member, and Viewer roles, supporting separate responsibilities across commercial, legal, and project teams.
Lexilio protects customer data with encryption at rest and encrypted transport, including AES-256 at rest and TLS in transit.
Yes. The security posture is documented around privacy, access control, deletion discipline, regional hosting, and no-training commitments for serious procurement and legal review.